Ransomware Attack on Lurie Children's Hospital: Can We Call This Terrorism Now?


February 5, 2024

World map

A ransomware attack has reportedly disrupted systems for nearly a week at Lurie Children's Hospital of Chicago, one of the biggest pediatrics providers in the region.

“Hundreds of thousands of patients and their families haven't been able to get care, reach their pediatricians or access their online medical records. During this outage, elective surgeries have been postponed and doctors can't access pending test results. Providers still don't have access to all patient records, as many are only available digitally,” Axios reports.

“Staffers and patients have relied on physical paperwork, including writing prescription slips. Patients have not been able to reach doctors' offices to create, confirm or cancel appointments, leaving providers unsure of who will show up and staffing challenges.”

Takeaway: We have reached the point where ransomware attacks against critical infrastructure such as healthcare providers should undoubtedly be classified as cyberterrorism, and the U.S. government should be addressing these life-threatening attacks as such.

If a gunman went into a children's hospital and held the staff and patients hostage, preventing the administration of care for days on end, there is little doubt that the headlines would scream terrorism.

But if a remote attacker disrupts systems critical to care and holds the healthcare provider and their patients to ransom, potentially putting the lives of those patients at risk, we simply call it a “security event” and treat it as an IT downtime issue?

This simply cannot stand. Ransomware attacks are putting lives at risk, and these attacks are nothing short of outright terrorism. We need to call these attacks what they are, and address them accordingly,

Whether it’s exposing clinical photographs of breast cancer patients or disrupting a multi-state regional healthcare provider, data extortion and ransomware groups have shown time and time again that there is no line they will not cross for profit, even if it hurts the most vulnerable in society.

Is this an alarmist position to take? Not in the least.  

Ransomware attacks against the healthcare system are increasingly impacting organization’s ability to care for patients, and some studies have already found a direct link between ransomware attacks and increased patient mortality.

A recent study found that 68% said ransomware attacks resulted in a disruption to patient care, and 43% said data exfiltration during the attack also negatively impacted patient care with 46% noting increased mortality rates, and 38% noting more complications in medical procedures following an attack.

Another recent report revealed that 539 known ransomware attacks targeting healthcare organizations in the US since 2016 compromised more than 52 million patient records and have cost providers about $80 billion in network downtime losses.

Other recent incidents include a ransomware attack on Prospect Medical Holdings that forced the suspension of services at emergency rooms, cancelled medical procedures, downed billing systems, and caused ambulances to be diverted at multiple healthcare facilities.

And there were several hospital emergency rooms in New Jersey that were forced to divert ambulances following a disruptive ransomware attack, and an attack on SMP Health forced the organization to cease operations altogether.

With lives literally on the line, why is this threat not being taken more seriously?

Ransomware operators will continue to victimize healthcare providers because the sector typically lacks the appropriate budgets and staff to maintain a reasonable security posture.

Criminal ransomware groups know that the impact of an attack against healthcare organizations does not just disrupt everyday business, it directly affects the lives of their patients.  

This puts tremendous pressure on the organization to pay the ransom demand or risk delays in patient care. Ransomware operators know this and use this urgency as leverage to compel ever larger ransom demands.  

If this does not rise to the level of outright terrorism, what does?

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.